08-25-2023 07:28 PM
Hi All,
It is mentioned in the documentation (https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/install_guide/b_ise_InstallationGuide31/m_ISEaaS.html) that ISE in AWS has some known limitations. One known rule mentioned is that "The Amazon VPC supports only Layer 3 features. Cisco ISE nodes on AWS instances do not support Cisco ISE functions that depend on Layer 1 and Layer 2 capabilities. For example, working with DHCP SPAN profiler probes and CDP protocols that use the Cisco ISE CLI is not supported."
Can someone explain the meaning of this limitation? And can I get a list of ISE functions that will not work due to this limitation of Layer 1 and Layer 2 capabilities of AWS?
I can think of Device Profiling as one function that may be affected. Will it affect any posture check functions? Or any 802.1x authentication methods?
08-27-2023 02:26 PM
What the documentation says about ISE CLI and CDP is that you won't see CDP neighbors in the ISE CLI. Fair enough - in my experience it doesn't work half of the time anyway. CDP runs on L2.
And ISE in AWS will work just fine for all RADIUS functionalities, since the RADIUS messages are UDP-based (L4) and come to ISE via L3 (IP) transport. RADIUS functionality in AWS is identical to that of on-prem.
Another limitation/difference is that one can't SSH to the ISE CLI using username/password creds - you must use public/private keys. But that is also common in public cloud environments.